Some time back I posted about Azure Active Directory synchronisation using Forefront Identity Manager (FIM) 2010 R2 and the Azure AD Connector. My focus was multi-forest deployments, but as we know this topology was required for several advanced scenarios too. Microsoft have since shipped Azure AD Synchronization Services (AADSync), soon to be rebranded Azure AD Connect (AAD Connect), which negates the need for FIM for most deployments and further solidifies the mentality that the Azure AD identity bridge should be separate from the enterprise identity management solution.
Having deployed quite a few FIM and AAD Connector topologies for large enterprise customers, and having been involved in planning and design, implementation and deployment, and post-go-live support and transfer to operations, I have learned, the hard way, that the immutable ID design artefact is a massive consideration, too often overlooked and not understood. I talked about this in my post